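AWS Backint Agent for SAP HANA is an SAP-certified backup and restore solution for SAP HANA workloads running on Amazon EC2 instances. This document describes how to deploy the AWS SAP Backint agent.
Architecture diagram
0. Prerequisites
The IAM role required for the SAP HANA deployment is named: ascs-ers-role
The two SAP HANA virtual machines are named hana01 and hana02
SAP HANA system ID: HDP
1. Deploy KMS
Open the KMS console and create a KMS key:
Grant ascs-ers-role access to this key
After the key is created, its KMS ARN is: arn:aws:kms:ap-northeast-1:123456789012:key/e305d9e1-08e6-427a-933d-3a790cff840d
2. Create the S3 bucket
Create an S3 bucket to store the HANA backups.
Bucket requirements: block public access (must) and KMS encryption (suggestion), using the KMS key created in step 1 to encrypt the bucket
3. Create an S3 access policy and attach it to the HANA EC2 instance profile
The policy is as follows: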
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketPolicyStatus",
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:GetBucketAcl",
                "s3:GetBucketPolicy",
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::xxxxxxs3forhanatest/*",
                "arn:aws:s3:::xxxxxxs3forhanatest"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": "arn:aws:kms:ap-northeast-1:123456789012:key/e305d9e1-08e6-427a-933d-3a790cff840d"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObjectTagging",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::xxxxxxxxs3forhana/hanabackup/*"
        },
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "arn:aws:s3:::awssap-backint-agent/*"
        }
    ]
}
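The policy above lists individual S3 actions next to "s3:*" in the same statement, so the named actions are redundant and the statement grants every S3 action on the bucket. The Python check below is an added example, not part of the original post: it flags Allow statements that contain wildcard actions and shows which named actions they shadow. The bucket name example-hana-backup and the function names are constructed for illustration.

```python
import fnmatch
import json

# Constructed sample in the shape of the policy above; the bucket name
# example-hana-backup is a placeholder, not the page's bucket.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:ListBucket", "s3:GetBucketLocation", "s3:*"],
   "Resource": ["arn:aws:s3:::example-hana-backup",
                "arn:aws:s3:::example-hana-backup/*"]},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::example-hana-backup/hanabackup/*"}
]}
""")


def as_list(value):
    """IAM accepts a single string or object where a list is allowed."""
    return list(value) if isinstance(value, list) else [value]


def find_wildcard_actions(policy):
    """Report Allow statements whose Action list contains a wildcard.

    'shadowed' holds the explicitly named actions that a wildcard in the
    same statement already covers, i.e. the list only looks scoped.
    """
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        actions = as_list(stmt["Action"])
        wild = [a for a in actions if "*" in a or "?" in a]
        if not wild:
            continue
        # IAM action names are case-insensitive; * and ? are its wildcards.
        shadowed = [a for a in actions if a not in wild and any(
            fnmatch.fnmatchcase(a.lower(), w.lower()) for w in wild)]
        findings.append({"statement": index, "wildcards": wild,
                         "shadowed": shadowed,
                         "resources": as_list(stmt.get("Resource", []))})
    return findings


if __name__ == "__main__":
    for finding in find_wildcard_actions(SAMPLE_POLICY):
        print(json.dumps(finding, indent=2))
```

Run against the policy from this page, the check would report the first statement and the awssap-backint-agent statement; the installer download in step 5 only reads from that bucket.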
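4. Create an S3 endpoint so that HANA can reach the bucket created in step 2 over the private network
5. Deploy Backint on the HANA EC2 instance
- Navigate to /tmp (or another temporary directory where the downloaded installer is saved)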
cd /tmp
- Run the following command to download the installer.
sudo aws s3 cp s3://awssap-backint-agent/binary/latest/install-aws-backint-agent /tmp/
- Run the following command to execute the installer
sudo python3 install-aws-backint-agent
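- Enter the following parameters:
6. Test the backup
Log in to the HANA portal and choose to back up the system database
For the backup, select Backint
Backup process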
From: https://blog.51cto.com/garycloud/7267160